Understanding the risk and being able to do something about it are not always linked when it comes to cybersecurity. While almost half of those polled said their agency isn’t “fully prepared” for an attack, 84 percent said their tech is on par or more advanced than that used by Silicon Valley.

That said, 48 percent of those polled said they don’t have the staff to protect their agencies.

Malware attacks were the biggest cause of anxiety, with 79 percent ranking it as a top worry. Phishing attacks were second at 46 percent, followed by ransomware (37 percent) and device theft (35 percent).

Those percentages change when divided between civilian and defense agencies. Civilian IT professionals listed phishing and ransomware as the primary concerns, while defense and intelligence agencies ranked device theft highest.

As for the ramifications of an attack, 72 percent of those polled said data loss is the biggest concern, followed by service outages and downtime (48 percent) and loss of intellectual property (46 percent). The latter was the primary concern for defense and intelligence employees.